Analysis
- max time kernel: 118s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 26-05-2024 01:44
Behavioral task: behavioral1
Sample: ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll
Resource: win7-20240221-en
3 signatures
150 seconds
General
- Target: ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll
- Size: 38KB
- MD5: 3c1e3f70d047493c75718f83b6cc38ed
- SHA1: 5d482de43b196641b28f487a959ac13a9a55ddc1
- SHA256: ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba
- SHA512: 509339039d364ce7b7cfe4dcd2f5673becb00ee85bd1bb1c9e336b626826a00d85eab5a227b063eef0f5ba471777fac89b7c5f81236346bcce1df92fd584dba7
- SSDEEP: 768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7HsXU76m2sRGVV:WD8w22laSR0V+3CJrVmXczJR
Malware Config
Signatures
- Drops file in System32 directory (1 IoC)
  Processes: rundll32.exe
  description: File created | ioc: C:\Windows\SysWOW64\dmlconf.dat | process: rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
  PID 1772 wrote to memory of 2772 | 1772 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll,#1
    - Drops file in System32 directory